Menlo warns of  risky AI generated ads

​

One in three UK consumers are unaware of the risk of malvertising when clicking on AI-generated ads online according to research by cloud security leader Menlo Security (www.menlosecurity.com).

The research conducted by CensusWide on behalf of Menlo Security warns of an increase in ‘malvertising’, a form of highly evasive threat where malware is embedded into online or social media ads – due to the rise in convincing fake ads created by AI tools like ChatGPT and image generators such as Midjourney and DALLE.  

Over 70% of those surveyed confirmed they are unaware of the risks of being infected with malware by clicking on a brand logo (such as one impersonating a well-known brand such as Microsoft or Google), or a social media ad (cited by 48% of respondents), and a further 40% say they did not know they could be infected just by clicking on pop-ups and banners.  In comparison, almost three-quarters (73%) of survey respondents understand they can be infected by malware hidden in an email link indicating that consumers have taken onboard the message surrounding the risk of clicking on links in email messages.

In the study, 70% of consumers say they click on advertisements on the internet ‘to some extent’; this is despite AI-generated ads making it more difficult to identify them as malicious.  As people visit sites with infected ads, they may unknowingly download malware onto their device.  On average, one out of 100 online ads is malicious, but Menlo Security warns that this could rise as more AI tools and software become available and easy to use.

Almost a third (31%) of all respondents are not confident in their ability to recognize and avoid malvertising threats.  This rises to 40% in women and 41% of over-55s.  What is clear is that consumer trust varies according to the nature of the site.  Social networking sites such as Facebook and Instagram are seen as more trustworthy, with one in five people trusting these sites not to have malvertising, while Twitter is less so (with only 14% trusting it not to have malvertising), says the survey.  This trust increases slightly for sites such as Amazon (28%) and Google (25%).

“The growing prevalence of AI generated content online will only fuel highly evasive threats such as malvertising.  AI used maliciously can not only generate convincing text, it can also generate images which can be made to appear like popular brands or logos,” explains Tom McVey, AI security spokesperson, Menlo Security.  “Our research has found that you’re only three to seven clicks away from malware online.  When users click a false link, cybercriminals can inject their malware onto the victim’s device, most commonly for financial gain.  With malware-as-a-service and AI generated text and images easily accessible, even attackers with little or no skills can create convincing ads – we’re expecting a big uptick in malvertising as a result.”

“The research found that only 32% wouldn’t trust any website not to contain malvertising, but awareness of the risks needs to increase so that anyone online applies caution to clicking on adverts on any website, no matter how much they trust it.  For example, we found that the top three brands impersonated by malicious threat actors over the last 90 days, to steal personal and confidential data, were Microsoft, Facebook, and Amazon.  Some people may be shocked to learn that even the most credible websites are not immune to malvertising,” comments McVey.